In this context, what's important is source-code availability to the general public. A program which has publicly-available source code but is released under a nonfree (or at least potentially nonfree) license is leaps and bounds better than one which doesn't even provide the source code.
Yeah, software freedom is a very good thing, but - in the context of security - it's the source code availability that matters, and that doesn't necessarily require a FOSS license.
